Every Ploi server is protected by a UFW firewall. You manage which ports are open from the panel under the Network rules section — no need to run ufw by hand.
Default rules
When a server is provisioned, Ploi opens the ports the server type needs. For a standard web server that's SSH (22), HTTP (80) and HTTPS (443). Other server types open their relevant ports (for example a storage server opens the MinIO ports).
Adding a rule
Open your server, go to the Network rules section and add a rule. You provide:
- Name — a label for the rule.
- Port — a single port or a range (1–65535).
- Type —
TCPorUDP. - Rule type — allow or deny.
- From IP address (optional) — restrict the rule to one or more IPs/CIDR ranges (comma-separated). Leave empty to apply to any source.
Ploi applies the rule to UFW for you — for example, opening UDP 443 for HTTP/3, or allowing only your office IP to a custom port.
Good to know
- When you allow a rule on the SSH port, Ploi automatically keeps its own management IPs allowed so you don't lock the panel out.
- To restrict a port to several IP addresses, add them comma-separated — Ploi creates the rules safely one after another.
- You can delete a rule from the same section and Ploi removes it from UFW.
